a 0h@sUddlmZddlZddlZddlZddlZddlZdZdZe ddej ej j fDZ ded<d d d d d Zd d d ddddZdd d d d dddZd d ddddZd d ddddZdS) ) annotationsNZ>abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789i@Bccs"|]}|dur|dkr|VqdS)N/.0seprr?/var/www/auris/lib/python3.9/site-packages/werkzeug/security.py sr z list[str] _os_alt_sepsintstr)lengthreturncCs(|dkrtddddt|DS)zAGenerate a random string of SALT_CHARS with specified ``length``.rzSalt length must be at least 1.css|]}ttVqdSN)secretschoice SALT_CHARS)r_rrrr zgen_salt..) ValueErrorjoinrange)r rrrgen_saltsrztuple[str, str])methodsaltpasswordrc CsD|d^}}|}|}|dkr|s8d}d}d}n2ztt|\}}}WntyhtddYn0d|||} tj|||||| dd |d|d|fS|d kr0t|} | d krd } t } n>| dkr|d } t } n(| d kr|d } t|d} ntdt | ||| d| d| fStd|ddS)N:scryptiz'scrypt' takes 3 arguments.)rnrpmaxmemzscrypt:Zpbkdf2rsha256z'pbkdf2' takes 2 arguments.zpbkdf2:zInvalid hash method 'z'.) splitencodemapr rhashlibrhexlenDEFAULT_PBKDF2_ITERATIONS pbkdf2_hmac) rrrargsZ salt_bytesZpassword_bytesr"r#r$r%Zlen_args hash_nameZ iterationsrrr_hash_internalsH    r2r)rr salt_lengthrcCs,t|}t|||\}}|d|d|S)aDSecurely hash a password for storage. A password can be compared to a stored hash using :func:`check_password_hash`. The following methods are supported: - ``scrypt``, the default. The parameters are ``n``, ``r``, and ``p``, the default is ``scrypt:32768:8:1``. See :func:`hashlib.scrypt`. - ``pbkdf2``, less secure. The parameters are ``hash_method`` and ``iterations``, the default is ``pbkdf2:sha256:600000``. See :func:`hashlib.pbkdf2_hmac`. Default parameters may be updated to reflect current guidelines, and methods may be deprecated and removed if they are no longer considered secure. To migrate old hashes, you may generate a new hash when checking an old hash, or you may contact users with a link to reset their password. :param password: The plaintext password. :param method: The key derivation function and parameters. :param salt_length: The number of characters to generate for the salt. .. versionchanged:: 3.1 The default iterations for pbkdf2 was increased to 1,000,000. .. versionchanged:: 2.3 Scrypt support was added. .. versionchanged:: 2.3 The default iterations for pbkdf2 was increased to 600,000. .. versionchanged:: 2.3 All plain hashes are deprecated and will not be supported in Werkzeug 3.0. $)rr2)rrr4rhZ actual_methodrrrgenerate_password_hashIs"r7bool)pwhashrrcCsDz|dd\}}}Wnty*YdS0tt|||d|S)aASecurely check that the given stored password hash, previously generated using :func:`generate_password_hash`, matches the given password. Methods may be deprecated and removed if they are no longer considered secure. To migrate old hashes, you may generate a new hash when checking an old hash, or you may contact users with a link to reset their password. :param pwhash: The hashed password. :param password: The plaintext password. .. versionchanged:: 2.3 All plain hashes are deprecated and will not be supported in Werkzeug 3.0. r5r'Fr)r(rhmaccompare_digestr2)r9rrrZhashvalrrrcheck_password_hashps  r<z str | None) directory pathnamesrcs|sd}|g}|D]ddkr(ttfddtDsftjsfdsfdksfdrldS|qtj |S) a2Safely join zero or more untrusted path components to a base directory to avoid escaping the base directory. :param directory: The trusted base directory. :param pathnames: The untrusted path components relative to the base directory. :return: A safe path, otherwise ``None``. .rc3s|]}|vVqdSrrrfilenamerrr rzsafe_join..rz..z../N) posixpathnormpathanyr ospathisabs startswithappendr)r=r>partsrr@r safe_joins&    rK)rr3) __future__rr+r:rErBrrr.listrrFaltsepr __annotations__rr2r7r<rKrrrrs  1'